1. Field of the Invention
The present invention relates to an individual authentication based on a physical feature and, more particularly, to prevention of misuse of the data related to the individual physical feature by the third party.
2. Description of the Related Art
Individual authentication that identifies individuals is a basic function of security. Conventional individual authentication systems have generally utilized belongings such as an ID card or memory such as a password. However, the ID card or password is easy to be stolen or cracked, and this remains a significant problem in security and convenience. Under the circumstances, “biometrics” that identifies individuals based on physical information such as face, fingerprint, or voice is getting attention in recent years.
In general, the “biometrics” is performed as follows. Firstly, data of a physical feature for respective individuals are registered in a system. In the case where fingerprints are used for authentication, image data of the fingerprints for respective individuals are acquired from the system. At this time, the data of physical data (fingerprint image, in the case of fingerprint authentication) is not used without modification, but only the data required for authentication is extracted. For example, in the case of a fingerprint, the position or the number of branch points which characterizes the fingerprint is extracted and used for authentication.
At the time of authentication, for example, in the authentication needed to open the door of a security room, data of a physical feature (fingerprint, etc.) is firstly input and data for authentication is extracted as in the case of registration time. After that, the extracted data and registered data are compared to each other. When the similarity obtained as a result of the comparison exceeds a predetermined threshold, the identity is confirmed.
In the case of biometrics, there is no need to carry an object such as an ID card and there is little risk of theft, so that the biometrics is now getting a lot more attention as a technology capable of increasing security. On the other hand, a problem that the features of human body (face, fingerprint, vein, voice, etc.) remain unchanged over the course of one's life and cannot be changed has been pointed out. In the case of a password, even if it is cracked, a change of the password can prevent others from misusing the same password to some extent. However, once the information related to one's physical feature is stolen, a great threat remains from then on since the physical feature cannot be changed. More specifically, there is a risk that others fake up authenticated features based on the leaked data and misuse them. Therefore, strong defense measures are required for the leakage of the physical feature.
In order to cope with the above problem, as a technique of applying various modification to the data of a physical feature to increase security, an authentication method that generates feature information that cannot be guessed from authentication data to be used in authentication and secret information (password) to thereby maintain confidentiality has been disclosed (refer to, for example, Jpn. Pat. Appln. Laid-Open Publication No. 2000-76195). Although the above authentication method can prevent the misuse of the stolen feature data by modifying the physical feature data into a form that cannot be guessed, it cannot eliminate the risk that the data before modification is stolen and the stolen data is misused as a means of ID theft.
Further, another technique in which a part of the biometrics data to be used, the part being determined by a time stamp, is destroyed before authentication process has been disclosed (refer to, for example, Jpn. Pat. Appln. Laid-Open Publication No. 2002-169781). According to this technique, authentication cannot be completed between the data with different time stamps, preventing illegal secondary use. However, application of the modification processing is made after acquisition of the feature data, so that there is a possibility that unprocessed original data is leaked as in the case of the above invention.
Further, still another technique that applies modification (twisting, shuffling image parts, etc.) processing after acquisition of the feature data (face, vein, voice, etc.) for authentication to prevent others from misusing the stolen feature data has been disclosed (refer to, for example, U.S. Pat. No. 6,836,554). According to this technique, it is possible to prevent the misuse of the leaked feature data by applying modification processing to the feature data. However, application of the modification processing is made after acquisition of the feature data, so that there is a possibility that unprocessed original data is stolen and misused as a means of ID theft.
In the above prior arts, the modification processing is applied after the physical feature data has been stored in an internal memory. Therefore, as far as unprocessed individual feature data exists in an apparatus, the possibility that the feature data is stolen before the modification processing cannot be reduced to 0. For example, the information is likely to be stolen from a signal flowing in a cable connecting an apparatus for acquiring the feature data for authentication and another apparatus for performing authentication process (refer to FIG. 13). Further, there is a risk that a system developer or system manager stoles the unprocessed feature data for the purpose of reselling the personal information. Therefore, the time period in which the unprocessed original data is handled needs to be reduced as much as possible.